An Access Authentication Method In Identifier/Locator Separation Network

Posted on: 2015-07-03
Degree: Master
Type: Thesis
Country: China
Candidate: H B Liu
GTID: 2308330464468694
Subject: Computer technology
Abstract/Summary:
The rapid development of mobile networks exposes more and more problems in traditional network systems, including the performance decline caused by the rapid expansion of routing table entries, weak support for multi-homing, and session interruption when switching networks. The main reason for these problems is the semantic overload of the IP address: it acts as a host identifier and a host locator at the same time. This prevents the network from effectively tracing a troublemaker, which leads to security risks for the network.

To solve these problems, a new identifier/locator separation network method is proposed. It not only decouples the semantics of the IP address, but also enables the network to provide user-oriented services by introducing a user ID model. More importantly, with a unified user identity and a derived platform, network operators can regain their discourse power in the Internet era. Based on the above, this paper presents a secure user equipment access authentication and key negotiation method, and gives valuable details about this method.

Currently, traditional access authentication methods are no longer applicable to the identifier/locator separation network. Existing research on security certification for ID/locator separation networks mainly uses smart cards, digital certificates, trusted computing and other authentication methods. However, these methods do not fit the proposed ID/locator separation network: they are poorly compatible with traditional networks, they are difficult to implement and, most importantly, they fail to authenticate users. A new user authentication method for initial equipment access is therefore given.

The main work of this thesis includes:

1. By applying user authentication to the new network system, an authentication method based on usernames and passwords is employed to verify the identity of the user, thereby separating users from their equipment. The combination of the password and the key agreement message ensures the security of the protocol.
2. To meet the security needs of the new network system, a hierarchical key system is designed to provide perfect forward secrecy and backward secrecy. It also lays the foundation for subsequent rapid switching.
3. This method implements mutual authentication between UE and SLS, and between UE and DR, in 2.5 rounds of interaction. It also achieves key negotiation, key distribution, association, and the update of registration information. By reducing the number of message exchanges, this method facilitates the process of terminal authentication.
4. This thesis discusses the security of the authentication protocol, and a basic test environment is also built. Related tests are carried out to verify the feasibility of the protocol and the certification delay. Comparing the experimental results with the background technology shows that the protocol is more efficient.
Keywords/Search Tags: Identifier/Locator Separation Network, Mobile Network, Access Authentication, Username/Password